From bf0337d0f49f4dc5583387afeb077b1deb498dfc Mon Sep 17 00:00:00 2001 From: Shubhada Date: Wed, 22 May 2024 16:24:38 -0700 Subject: [PATCH 1/5] Add Makefile targets for building, running, and testing RP container image locally with Podman fix the code setup_resources.sh has been fixed makefile has been fixed fix the code removed unwanted files vnet create and delete code has been added Makefile has been fixed makefile modified added code to add dedicated vnet unwanted file deleted added some imp files fix the issue code has been added code has been fixed fix the code hive cluster creation process has been done modified the file Updated the Dockerfile to install and configure openssh-server and openssl, and modified the Makefile to build and run the container with services. Modified the Makefile to build and run the container with services. Modified the Makefile to build and run the container with services. setup file has been fixed env file updated fix makefile fix makefile fix makefile added ci-rp in target file has been fixed file has been fixed veriable requirment has been updated Modify the environment variable CLUSTER_RESOURCEGROUP to include the user's distinct identifier, making it unique to each user veriable requirment has been updated veriable requirment has been updated fix the separate variable to handle all the images removed the unwanted stuff from the files added the loopback address before the port export fix the openshift version fix makefile target removed the unwanted target from Makefile env.example --- Makefile | 52 +++++++++++++-- env.example | 9 ++- pkg/env/dev.go | 2 +- setup_resources.sh | 159 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 215 insertions(+), 7 deletions(-) create mode 100755 setup_resources.sh diff --git a/Makefile b/Makefile index cd68e17f7f4..67d804d5c05 100644 --- a/Makefile +++ b/Makefile 
@@ -67,10 +67,54 @@ build-all: aro: check-release generate go build -ldflags "-X github.com/Azure/ARO-RP/pkg/util/version.GitCommit=$(VERSION)" ./cmd/aro +# Target to run the local RP .PHONY: runlocal-rp -runlocal-rp: - go run -ldflags "-X github.com/Azure/ARO-RP/pkg/util/version.GitCommit=$(VERSION)" ./cmd/aro rp - +runlocal-rp: ci-rp aks.kubeconfig + @set -a; source secrets/env; set +a; \ + podman run --rm -p 127.0.0.1:8443:8443 \ + --name aro-rp \ + -w /app \ + -e RP_MODE="development" \ + -e PROXY_HOSTNAME="$${PROXY_HOSTNAME}" \ + -e DOMAIN_NAME="$${DOMAIN_NAME}" \ + -e AZURE_RP_CLIENT_ID="$${AZURE_RP_CLIENT_ID}" \ + -e AZURE_FP_CLIENT_ID="$${AZURE_FP_CLIENT_ID}" \ + -e AZURE_SUBSCRIPTION_ID="$${AZURE_SUBSCRIPTION_ID}" \ + -e AZURE_TENANT_ID="$${AZURE_TENANT_ID}" \ + -e AZURE_RP_CLIENT_SECRET="$${AZURE_RP_CLIENT_SECRET}" \ + -e LOCATION="$${LOCATION}" \ + -e RESOURCEGROUP="$${RESOURCEGROUP}" \ + -e AZURE_ARM_CLIENT_ID="$${AZURE_ARM_CLIENT_ID}" \ + -e AZURE_FP_SERVICE_PRINCIPAL_ID="$${AZURE_FP_SERVICE_PRINCIPAL_ID}" \ + -e AZURE_DBTOKEN_CLIENT_ID="$${AZURE_DBTOKEN_CLIENT_ID}" \ + -e AZURE_PORTAL_CLIENT_ID="$${AZURE_PORTAL_CLIENT_ID}" \ + -e AZURE_PORTAL_ACCESS_GROUP_IDS="$${AZURE_PORTAL_ACCESS_GROUP_IDS}" \ + -e AZURE_CLIENT_ID="$${AZURE_CLIENT_ID}" \ + -e AZURE_SERVICE_PRINCIPAL_ID="$${AZURE_SERVICE_PRINCIPAL_ID}" \ + -e AZURE_CLIENT_SECRET="$${AZURE_CLIENT_SECRET}" \ + -e AZURE_GATEWAY_CLIENT_ID="$${AZURE_GATEWAY_CLIENT_ID}" \ + -e AZURE_GATEWAY_SERVICE_PRINCIPAL_ID="$${AZURE_GATEWAY_SERVICE_PRINCIPAL_ID}" \ + -e AZURE_GATEWAY_CLIENT_SECRET="$${AZURE_GATEWAY_CLIENT_SECRET}" \ + -e DATABASE_NAME="$${DATABASE_NAME}" \ + -e PULL_SECRET="$${PULL_SECRET}" \ + -e SECRET_SA_ACCOUNT_NAME="$${SECRET_SA_ACCOUNT_NAME}" \ + -e DATABASE_ACCOUNT_NAME="$${DATABASE_ACCOUNT_NAME}" \ + -e KEYVAULT_PREFIX="$${KEYVAULT_PREFIX}" \ + -e ADMIN_OBJECT_ID="$${ADMIN_OBJECT_ID}" \ + -e PARENT_DOMAIN_NAME="$${PARENT_DOMAIN_NAME}" \ + -e 
PARENT_DOMAIN_RESOURCEGROUP="$${PARENT_DOMAIN_RESOURCEGROUP}" \ + -e AZURE_ENVIRONMENT="$${AZURE_ENVIRONMENT}" \ + -e STORAGE_ACCOUNT_DOMAIN="$${STORAGE_ACCOUNT_DOMAIN}" \ + -e OIDC_STORAGE_ACCOUNT_NAME="$${OIDC_STORAGE_ACCOUNT_NAME}" \ + -e KUBECONFIG="/app/secrets/aks.kubeconfig" \ + -e HIVE_KUBE_CONFIG_PATH="/app/secrets/aks.kubeconfig" \ + -e ARO_CHECKOUT_PATH="/app" \ + -e ARO_INSTALL_VIA_HIVE="true" \ + -e ARO_ADOPT_BY_HIVE="true" \ + -v $(PWD)/aks.kubeconfig:/app/secrets/aks.kubeconfig:z \ + -v $(PWD)/secrets:/app/secrets:z \ + $$ARO_IMAGE rp + .PHONY: az az: pyenv . pyenv/bin/activate && \ @@ -366,4 +410,4 @@ vendor: .PHONY: install-go-tools install-go-tools: - go install ${GOTESTSUM} + go install ${GOTESTSUM} \ No newline at end of file diff --git a/env.example b/env.example index 07409d44d16..33eeb221597 100644 --- a/env.example +++ b/env.example @@ -1,8 +1,13 @@ # use unique prefix for Azure resources when it is set, otherwise use your user's name export AZURE_PREFIX="${AZURE_PREFIX:-$USER}" -export LOCATION=eastus +export LOCATION=westeurope export ARO_IMAGE=arointsvc.azurecr.io/aro:latest export NO_CACHE=false export AZURE_EXTENSION_DEV_SOURCES="$(pwd)/python" -. secrets/env +export CLUSTER_RESOURCEGROUP="${USER}-v4-$LOCATION" +export CLUSTER_NAME="${USER}-aro-cluster" +export CLUSTER_VNET="${USER}-aro-vnet" +ARO_IMAGE=arointsvc.azurecr.io/aro:latest + +. secrets/env \ No newline at end of file diff --git a/pkg/env/dev.go b/pkg/env/dev.go index 77605607da6..a5f8e20cb8b 100644 --- a/pkg/env/dev.go +++ b/pkg/env/dev.go @@ -74,7 +74,7 @@ func (d *dev) AROOperatorImage() string { func (d *dev) Listen() (net.Listener, error) { // in dev mode there is no authentication, so for safety we only listen on // localhost - return net.Listen("tcp", "localhost:8443") + return net.Listen("tcp", ":8443") } // TODO: Delete FPAuthorizer once the replace from track1 to track2 is done. 
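Review bot: In the `runlocal-rp` recipe of the Makefile hunk, the image is given as an unquoted `$$ARO_IMAGE`, so when that variable is empty the word disappears and podman takes `rp` as the image name, resolving it through its short-name registries instead of failing. The recipe only sources `secrets/env`, so whether ARO_IMAGE is set depends on that file or the caller's environment; `$${ARO_IMAGE:?ARO_IMAGE must be set} rp` stops the recipe before anything is pulled. The recipe also uses `source`, which is unavailable when make runs recipes with a POSIX `/bin/sh` such as dash; `. secrets/env` is portable, unless the Makefile sets SHELL to bash outside this hunk.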
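Review bot: `Listen()` in pkg/env/dev.go now binds `:8443` on every interface, while the comment kept directly above it still says dev mode has no authentication and the listener is localhost-only. The `-p 127.0.0.1:8443:8443` mapping in `runlocal-rp` limits exposure only for that container; going by that comment, a dev RP started any other way would serve unauthenticated requests from the network, including the `/admin/versions` and subscription PUTs that setup_resources.sh sends. Keeping `localhost:8443` as the default and widening the bind only on an explicit opt-in (for example an environment variable read here and set by the container target) preserves the old guarantee. The dev.go hunk in PATCH 2/5 removes the comment rather than the wide bind, so the same point applies there.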
diff --git a/setup_resources.sh b/setup_resources.sh new file mode 100755 index 00000000000..8d37b3d209e --- /dev/null +++ b/setup_resources.sh 
@@ -0,0 +1,159 @@ +#!/bin/bash + +set -e + +# Function to validate RP running +validate_rp_running() { + echo "########## Checking ARO RP Status ##########" + ELAPSED=0 + while true; do + sleep 5 + http_code=$(curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/healthz/ready || true) + case $http_code in + "200") + echo "########## ✅ ARO RP Running ##########" + break + ;; + *) + echo "Attempt $ELAPSED - local RP is NOT up. Code : $http_code, waiting" + sleep 2 + # after 40 secs return exit 1 to not block ci + ELAPSED=$((ELAPSED + 1)) + if [ $ELAPSED -eq 20 ]; then + exit 1 + fi + ;; + esac + done +} + +# Ensure all env vars are set (CLUSTER_LOCATION, CLUSTER_RESOURCEGROUP, CLUSTER_NAME) +ALL_SET="true" +if [ -z ${AZURE_SUBSCRIPTION_ID} ]; then ALL_SET="false" && echo "AZURE_SUBSCRIPTION_ID is unset"; else echo "AZURE_SUBSCRIPTION_ID is set to '$AZURE_SUBSCRIPTION_ID'"; fi +if [ -z ${LOCATION} ]; then ALL_SET="false" && echo "LOCATION is unset"; else echo "LOCATION is set to '$LOCATION'"; fi +if [ -z ${CLUSTER_RESOURCEGROUP} ]; then ALL_SET="false" && echo "CLUSTER_RESOURCEGROUP is unset"; else echo "CLUSTER_RESOURCEGROUP is set to '$CLUSTER_RESOURCEGROUP'"; fi +if [ -z ${CLUSTER_NAME} ]; then ALL_SET="false" && echo "CLUSTER_NAME is unset"; else echo "CLUSTER_NAME is set to '$CLUSTER_NAME'"; fi +if [ -z ${CLUSTER_VNET} ]; then CLUSTER_VNET="aro-vnet2"; echo "CLUSTER_VNET is ${CLUSTER_VNET}"; fi +if [ -z ${CLUSTER_MASTER_SUBNET} ]; then CLUSTER_MASTER_SUBNET="master-subnet"; echo "CLUSTER_MASTER_SUBNET is ${CLUSTER_MASTER_SUBNET}"; fi +if [ -z ${CLUSTER_WORKER_SUBNET} ]; then CLUSTER_WORKER_SUBNET="worker-subnet"; echo "CLUSTER_WORKER_SUBNET is ${CLUSTER_WORKER_SUBNET}"; fi +if [ -z ${OPENSHIFT_VERSION} ]; then ALL_SET="false" && echo "OPENSHIFT_VERSION is unset"; else echo "OPENSHIFT_VERSION is set to '$OPENSHIFT_VERSION'"; fi +if [ -z ${OCP_PULLSPEC} ]; then ALL_SET="false" && echo "OCP_PULLSPEC is unset"; else echo "OCP_PULLSPEC is set to 
'$OCP_PULLSPEC'"; fi +if [ -z ${INSTALLER_PULLSPEC} ]; then ALL_SET="false" && echo "INSTALLER_PULLSPEC is unset"; else echo "INSTALLER_PULLSPEC is set to '$INSTALLER_PULLSPEC'"; fi + +if [[ "${ALL_SET}" != "true" ]]; then exit 1; fi + +# Check Azure CLI version +echo "Checking Azure CLI version..." +az_version=$(az --version | grep 'azure-cli' | awk '{print $2}') +required_version="2.30.0" +if [ "$(printf '%s\n' "$required_version" "$az_version" | sort -V | head -n1)" = "$required_version" ]; then + echo "Azure CLI version is compatible" +else + echo "Azure CLI version must be $required_version or later. Please upgrade." + exit 1 +fi + +# Set the subscription +echo "Setting the subscription..." +az account set --subscription $AZURE_SUBSCRIPTION_ID + +# Register the subscription directly +echo "Registering the subscription directly..." +curl -k -X PUT \ + -H 'Content-Type: application/json' \ + -d '{ + "state": "Registered", + "properties": { + "tenantId": "'"$AZURE_TENANT_ID"'", + "registeredFeatures": [ + { + "name": "Microsoft.RedHatOpenShift/RedHatEngineering", + "state": "Registered" + } + ] + } +}' "https://localhost:8443/subscriptions/$AZURE_SUBSCRIPTION_ID?api-version=2.0" + +# Validate RP running +validate_rp_running + +# Function to add supported OpenShift version +add_openshift_version() { + local version=$1 + local openshift_pullspec=$2 + local installer_pullspec=$3 + + echo "Adding OpenShift version $version..." + curl -k -X PUT "https://localhost:8443/admin/versions" --header "Content-Type: application/json" -d '{ + "properties": { + "version": "'"$version"'", + "enabled": true, + "openShiftPullspec": "'"$openshift_pullspec"'", + "installerPullspec": "'"$installer_pullspec"'" + } + }' +} + +# Add the required OpenShift version +add_openshift_version "$OPENSHIFT_VERSION" "$OCP_PULLSPEC" "$INSTALLER_PULLSPEC" + +# Delete the existing cluster if it exists +echo "Deleting the existing cluster if it exists..." 
+az aro delete --resource-group $CLUSTER_RESOURCEGROUP --name $CLUSTER_NAME --yes --no-wait || true + +# Wait for the cluster deletion to complete +echo "Waiting for the cluster to be deleted..." +while az aro show --name $CLUSTER_NAME --resource-group $CLUSTER_RESOURCEGROUP &> /dev/null; do + echo "Cluster is still being deleted...waiting 30 seconds." + sleep 30 +done + +# Create resource group +echo "Creating resource group $CLUSTER_RESOURCEGROUP in $LOCATION..." +az group create --name $CLUSTER_RESOURCEGROUP --location $LOCATION + +# Create virtual network +echo "Creating virtual network $CLUSTER_VNET in $CLUSTER_RESOURCEGROUP..." +az network vnet create --resource-group $CLUSTER_RESOURCEGROUP --name $CLUSTER_VNET --address-prefixes 10.0.0.0/22 + +# Delete any existing subnets and associated resources +echo "Deleting any existing master subnet resources..." +az network vnet subnet delete --resource-group $CLUSTER_RESOURCEGROUP --vnet-name $CLUSTER_VNET --name $CLUSTER_MASTER_SUBNET || true + +echo "Deleting any existing worker subnet resources..." +az network vnet subnet delete --resource-group $CLUSTER_RESOURCEGROUP --vnet-name $CLUSTER_VNET --name $CLUSTER_WORKER_SUBNET || true + +# Create master subnet +echo "Creating master subnet $CLUSTER_MASTER_SUBNET in $CLUSTER_VNET..." +az network vnet subnet create --resource-group $CLUSTER_RESOURCEGROUP --vnet-name $CLUSTER_VNET --name $CLUSTER_MASTER_SUBNET --address-prefixes 10.0.0.0/23 --service-endpoints Microsoft.ContainerRegistry + +# Create worker subnet +echo "Creating worker subnet $CLUSTER_WORKER_SUBNET in $CLUSTER_VNET..." +az network vnet subnet create --resource-group $CLUSTER_RESOURCEGROUP --vnet-name $CLUSTER_VNET --name $CLUSTER_WORKER_SUBNET --address-prefixes 10.0.2.0/23 --service-endpoints Microsoft.ContainerRegistry + +# Create cluster +echo "Creating cluster $CLUSTER_NAME in $CLUSTER_RESOURCEGROUP..." 
+az aro create --resource-group $CLUSTER_RESOURCEGROUP --name $CLUSTER_NAME --vnet $CLUSTER_VNET --master-subnet $CLUSTER_MASTER_SUBNET --worker-subnet $CLUSTER_WORKER_SUBNET --pull-secret "$PULL_SECRET" --location $LOCATION --version $OPENSHIFT_VERSION || { + echo "Cluster creation failed. Fetching deployment logs..." + + # Fetch the deployment logs for further analysis + deployment_name=$(az deployment group list --resource-group $CLUSTER_RESOURCEGROUP --query '[0].name' -o tsv) + if [ -n "$deployment_name" ]; then + az deployment group show --name $deployment_name --resource-group $CLUSTER_RESOURCEGROUP + else + echo "No deployment found for resource group $CLUSTER_RESOURCEGROUP." + fi + + exit 1 +} + +# Check for the existence of the cluster +if az aro show --name $CLUSTER_NAME --resource-group $CLUSTER_RESOURCEGROUP &> /dev/null; then + echo "Cluster creation successful." +else + echo "Cluster creation failed. Please check the logs for more details." + exit 1 +fi + +echo "To list cluster credentials, run:" +echo " az aro list-credentials --name $CLUSTER_NAME --resource-group $CLUSTER_RESOURCEGROUP" From 90b0ea3e89c4539d93e378e61f5129d2ea64d849 Mon Sep 17 00:00:00 2001 
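Review bot: The `az aro create` call near the end of setup_resources.sh passes the pull secret by value with `--pull-secret "$PULL_SECRET"`, which puts the registry credentials in the process arguments where other local users and process-audit logs can read them. `az` accepts `@file` for this option, so the value can go through a temporary file created by `mktemp` and removed on exit, as in the excerpt below, which also quotes the expansions on that command. Separately, the subscription PUT runs before `validate_rp_running` and neither curl call uses `--fail`, so under `set -e` a not-yet-ready RP aborts the script while an HTTP error response is silently accepted; calling `validate_rp_running` first and adding `--fail` would cover both.

```shell
# … unchanged: resource group, vnet and subnet creation …
pull_secret_file=$(mktemp)
trap 'rm -f -- "$pull_secret_file"' EXIT
# printf is a shell builtin, so the secret never appears in a process argument list
printf '%s' "$PULL_SECRET" > "$pull_secret_file"
az aro create --resource-group "$CLUSTER_RESOURCEGROUP" --name "$CLUSTER_NAME" \
  --vnet "$CLUSTER_VNET" --master-subnet "$CLUSTER_MASTER_SUBNET" \
  --worker-subnet "$CLUSTER_WORKER_SUBNET" --pull-secret "@$pull_secret_file" \
  --location "$LOCATION" --version "$OPENSHIFT_VERSION" || {
  # … unchanged: deployment log fetch and exit 1 …
}
```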
From: Shubhada Date: Fri, 12 Jul 2024 12:37:00 -0700 Subject: [PATCH 2/5] fix: Validate RP before cluster creation, add env variables for OCP pullspecs, and update instructions fix: Use RP_IMAGE_LOCAL for Linux compatibility in runlocal-rp target remove the changes veriable file modified move the set file to the hack directory and updated the doc move the set file to the hack directory and updated the doc Improve Podman Compatibility for Local RP with Secrets Handling Improve Podman compatibility by switching from 72626 to syntax for environment variables in Makefile env file updated Added logic to print the VNet/Subnets env file updated Update OpenShift version to 4.13.40 Update OpenShift version to 4.13.40 file added file added modified the makefile file has been added file has been added Makefile has been modifies Added the dynamic variable to fetch the default openshift version Update setup_resources.sh to dynamically fetch OpenShift version and pull specs from const.go --- Makefile | 92 +++++++++++-------- docs/deploy-development-rp.md | 83 +++++++++++++---- setup_resources.sh => hack/setup_resources.sh | 49 +++++++--- pkg/env/dev.go | 2 - 4 files changed, 156 insertions(+), 70 deletions(-) rename setup_resources.sh => hack/setup_resources.sh (70%) diff --git a/Makefile b/Makefile index 67d804d5c05..c64fe36c3c1 100644 --- a/Makefile +++ b/Makefile 
@@ -67,53 +67,71 @@ build-all: aro: check-release generate go build -ldflags "-X github.com/Azure/ARO-RP/pkg/util/version.GitCommit=$(VERSION)" ./cmd/aro +# Target to create docker secrets +.PHONY: docker-secrets +docker-secrets: aks.kubeconfig + docker secret rm --ignore aks.kubeconfig + docker secret create aks.kubeconfig ./aks.kubeconfig + + docker secret rm --ignore proxy-client.key + docker secret create proxy-client.key ./secrets/proxy-client.key + + docker secret rm --ignore proxy-client.crt + docker secret create proxy-client.crt ./secrets/proxy-client.crt + + docker secret rm --ignore proxy.crt + docker secret create proxy.crt ./secrets/proxy.crt + # Target to run the local RP .PHONY: runlocal-rp -runlocal-rp: ci-rp aks.kubeconfig - @set -a; source secrets/env; set +a; \ - podman run --rm -p 127.0.0.1:8443:8443 \ +runlocal-rp: ci-rp docker-secrets + docker run --rm -p 127.0.0.1:8443:8443 \ --name aro-rp \ -w /app \ + -e ARO_IMAGE \ -e RP_MODE="development" \ - -e PROXY_HOSTNAME="$${PROXY_HOSTNAME}" \ - -e DOMAIN_NAME="$${DOMAIN_NAME}" \ - -e AZURE_RP_CLIENT_ID="$${AZURE_RP_CLIENT_ID}" \ - -e AZURE_FP_CLIENT_ID="$${AZURE_FP_CLIENT_ID}" \ - -e AZURE_SUBSCRIPTION_ID="$${AZURE_SUBSCRIPTION_ID}" \ - -e AZURE_TENANT_ID="$${AZURE_TENANT_ID}" \ - -e AZURE_RP_CLIENT_SECRET="$${AZURE_RP_CLIENT_SECRET}" \ - -e LOCATION="$${LOCATION}" \ - -e RESOURCEGROUP="$${RESOURCEGROUP}" \ - -e AZURE_ARM_CLIENT_ID="$${AZURE_ARM_CLIENT_ID}" \ - -e AZURE_FP_SERVICE_PRINCIPAL_ID="$${AZURE_FP_SERVICE_PRINCIPAL_ID}" \ - -e AZURE_DBTOKEN_CLIENT_ID="$${AZURE_DBTOKEN_CLIENT_ID}" \ - -e AZURE_PORTAL_CLIENT_ID="$${AZURE_PORTAL_CLIENT_ID}" \ - -e AZURE_PORTAL_ACCESS_GROUP_IDS="$${AZURE_PORTAL_ACCESS_GROUP_IDS}" \ - -e AZURE_CLIENT_ID="$${AZURE_CLIENT_ID}" \ - -e AZURE_SERVICE_PRINCIPAL_ID="$${AZURE_SERVICE_PRINCIPAL_ID}" \ - -e AZURE_CLIENT_SECRET="$${AZURE_CLIENT_SECRET}" \ - -e AZURE_GATEWAY_CLIENT_ID="$${AZURE_GATEWAY_CLIENT_ID}" \ - -e 
AZURE_GATEWAY_SERVICE_PRINCIPAL_ID="$${AZURE_GATEWAY_SERVICE_PRINCIPAL_ID}" \ - -e AZURE_GATEWAY_CLIENT_SECRET="$${AZURE_GATEWAY_CLIENT_SECRET}" \ - -e DATABASE_NAME="$${DATABASE_NAME}" \ - -e PULL_SECRET="$${PULL_SECRET}" \ - -e SECRET_SA_ACCOUNT_NAME="$${SECRET_SA_ACCOUNT_NAME}" \ - -e DATABASE_ACCOUNT_NAME="$${DATABASE_ACCOUNT_NAME}" \ - -e KEYVAULT_PREFIX="$${KEYVAULT_PREFIX}" \ - -e ADMIN_OBJECT_ID="$${ADMIN_OBJECT_ID}" \ - -e PARENT_DOMAIN_NAME="$${PARENT_DOMAIN_NAME}" \ - -e PARENT_DOMAIN_RESOURCEGROUP="$${PARENT_DOMAIN_RESOURCEGROUP}" \ - -e AZURE_ENVIRONMENT="$${AZURE_ENVIRONMENT}" \ - -e STORAGE_ACCOUNT_DOMAIN="$${STORAGE_ACCOUNT_DOMAIN}" \ - -e OIDC_STORAGE_ACCOUNT_NAME="$${OIDC_STORAGE_ACCOUNT_NAME}" \ + -e PROXY_HOSTNAME \ + -e DOMAIN_NAME \ + -e AZURE_RP_CLIENT_ID \ + -e AZURE_FP_CLIENT_ID \ + -e AZURE_SUBSCRIPTION_ID \ + -e AZURE_TENANT_ID \ + -e AZURE_RP_CLIENT_SECRET \ + -e LOCATION \ + -e RESOURCEGROUP \ + -e AZURE_ARM_CLIENT_ID \ + -e AZURE_FP_SERVICE_PRINCIPAL_ID \ + -e AZURE_DBTOKEN_CLIENT_ID \ + -e AZURE_PORTAL_CLIENT_ID \ + -e AZURE_PORTAL_ACCESS_GROUP_IDS \ + -e AZURE_CLIENT_ID \ + -e AZURE_SERVICE_PRINCIPAL_ID \ + -e AZURE_CLIENT_SECRET \ + -e AZURE_GATEWAY_CLIENT_ID \ + -e AZURE_GATEWAY_SERVICE_PRINCIPAL_ID \ + -e AZURE_GATEWAY_CLIENT_SECRET \ + -e DATABASE_NAME \ + -e PULL_SECRET \ + -e SECRET_SA_ACCOUNT_NAME \ + -e DATABASE_ACCOUNT_NAME \ + -e KEYVAULT_PREFIX \ + -e ADMIN_OBJECT_ID \ + -e PARENT_DOMAIN_NAME \ + -e PARENT_DOMAIN_RESOURCEGROUP \ + -e AZURE_ENVIRONMENT \ + -e STORAGE_ACCOUNT_DOMAIN \ + -e OIDC_STORAGE_ACCOUNT_NAME \ -e KUBECONFIG="/app/secrets/aks.kubeconfig" \ -e HIVE_KUBE_CONFIG_PATH="/app/secrets/aks.kubeconfig" \ -e ARO_CHECKOUT_PATH="/app" \ -e ARO_INSTALL_VIA_HIVE="true" \ -e ARO_ADOPT_BY_HIVE="true" \ - -v $(PWD)/aks.kubeconfig:/app/secrets/aks.kubeconfig:z \ - -v $(PWD)/secrets:/app/secrets:z \ - $$ARO_IMAGE rp + --secret aks.kubeconfig,target=/app/secrets/aks.kubeconfig \ + --secret 
proxy-client.key,target=/app/secrets/proxy-client.key \ + --secret proxy-client.crt,target=/app/secrets/proxy-client.crt \ + --secret proxy.crt,target=/app/secrets/proxy.crt \ + $(RP_IMAGE_LOCAL) rp + .PHONY: az az: pyenv diff --git a/docs/deploy-development-rp.md b/docs/deploy-development-rp.md index 01a0596de16..60b43486696 100644 --- a/docs/deploy-development-rp.md +++ b/docs/deploy-development-rp.md @@ -1,31 +1,19 @@ # Deploy development RP -## Why to use it? -This is the **preferred** and fast way to have your own local development RP setup, while also having a functional cluster. -It uses hacks scripts around a lot of the setup to make things easier to bootstrap and be more sensible for running off of your local laptop. - -- Check the specific use-case examples where [deploying full RP service](https://github.com/Azure/ARO-RP/blob/master/docs/deploy-full-rp-service-in-dev.md) can be a better match. - ## Prerequisites 1. Your development environment is prepared according to the steps outlined in [Prepare Your Dev Environment](./prepare-your-dev-environment.md) ## Installing the extension -1. Check the `env.example` file and copy it by creating your own: - - ```bash - cp env.example env - ``` - -2. Build the development `az aro` extension: +1. Build the development `az aro` extension: ```bash . ./env make az ``` -3. Verify the ARO extension is registered: +1. Verify the ARO extension is registered: ```bash az -v 
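Review bot: In the rewritten `runlocal-rp` recipe only the four files go through `--secret`; `AZURE_RP_CLIENT_SECRET`, `AZURE_CLIENT_SECRET`, `AZURE_GATEWAY_CLIENT_SECRET` and `PULL_SECRET` are still handed over with `-e`, so they remain ordinary environment entries of the container. Podman can deliver a secret as an environment variable, e.g. `--secret pull-secret,type=env,target=PULL_SECRET` (the secret name is constructed for illustration), which should keep the values out of the stored container configuration. Also, `docker secret` is a Swarm command on Docker Engine and `docker run` there has no `--secret` option, so `docker-secrets` and this recipe appear to assume `docker` is an alias for podman. That assumption should be stated in a comment above the targets, or the commands changed to `podman`.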
@@ -481,12 +469,69 @@ To run fake metrics socket: ```bash go run ./hack/monitor ``` +## Run the RP and create a Hive cluster -## Troubleshooting +**Steps to perform on Mac** -1. Trying to use `az aro` CLI in Production, fails with: +1. Mount your local MacOS filesystem into the podman machine: +```bash +podman machine init --now --cpus=4 --memory=4096 -v $HOME:$HOME ``` -(NoRegisteredProviderFound) No registered resource provider found for location '$LOCATION' and API version '2024-08-12-preview' + +2. Use the openvpn config file (which is now mounted inside the podman machine) to start the VPN connection: + +```bash +podman machine ssh + +sudo rpm-ostree install openvpn + +sudo systemctl reboot + +podman machine ssh + +sudo openvpn --config /Users//go/src/github.com/Azure/ARO-RP/secrets/vpn-aks-westeurope.ovpn --daemon --writepid vpnpid + +ps aux | grep openvpn ``` -- Check if`~/.azure/config` there is a block `extensions.dev_sources`. If yes, comment it. -- Check if env var `AZURE_EXTENSION_DEV_SOURCES` is set. If yes, unset it. \ No newline at end of file + +### Instructions for Modifying Environment File + +**Update the env File** + +- Open the `env` file. +- Update env file instructions: set `OPENSHIFT_VERSION`, update `INSTALLER_PULLSPEC` and `OCP_PULLSPEC`, mention quay.io for SHA256 hash. 
+- Update INSTALLER_PULLSPEC with the appropriate name and tag, typically matching the OpenShift version, e.g., `release-4.13.`(for more detail see the `env.example`) + +* Source the environment file before creating the cluster using the `setup_resources.sh` script(Added the updated env in the PR) +```bash +cd /hack + +./setup_resources.sh +``` + +* Once the cluster create verify connectivity with the ARO cluster: +- Download the admin kubeconfig file +```bash +az aro get-admin-kubeconfig --name --resource-group v4-westeurope --file ~/.kube/aro-admin-kubeconfig +``` +- Set the KUBECONFIG environment variable +```bash +export KUBECONFIG=~/.kube/aro-admin-kubeconfig +``` +- Verify connectivity with the ARO cluster +```bash +kubectl get nodes +``` + +```bash +kubectl get nodes +NAME STATUS ROLES AGE VERSION +shpaitha-aro-cluster-4sp5c-master-0 Ready control-plane,master 39m v1.25.11+1485cc9 +shpaitha-aro-cluster-4sp5c-master-1 Ready control-plane,master 39m v1.25.11+1485cc9 +shpaitha-aro-cluster-4sp5c-master-2 Ready control-plane,master 39m v1.25.11+1485cc9 +shpaitha-aro-cluster-4sp5c-worker-westeurope1-j9c76 Ready worker 29m v1.25.11+1485cc9 +shpaitha-aro-cluster-4sp5c-worker-westeurope2-j9zrs Ready worker 27m v1.25.11+1485cc9 +shpaitha-aro-cluster-4sp5c-worker-westeurope3-56tk7 Ready worker 28m v1.25.11+1485cc9 +``` + + diff --git a/setup_resources.sh b/hack/setup_resources.sh similarity index 70% rename from setup_resources.sh rename to hack/setup_resources.sh index 8d37b3d209e..29b6e4af0c6 100755 --- a/setup_resources.sh +++ b/hack/setup_resources.sh 
@@ -2,6 +2,32 @@ set -e +# Determine the base directory of the script +BASE_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd) + +# Construct the path to const.go using the base directory +CONST_GO_PATH="$BASE_DIR/pkg/util/version/const.go" + +# Debugging: Print paths for verification +echo "Base directory: $BASE_DIR" +echo "Path to const.go: $CONST_GO_PATH" + +# Check if const.go exists +if [ ! -f "$CONST_GO_PATH" ]; then + echo "Error: File $CONST_GO_PATH not found." + exit 1 +fi + +# Extract version and pullspec from const.go +OPENSHIFT_VERSION=$(awk -F'[(,)]' '/NewVersion/ {gsub(/ /, ""); print $2"."$3"."$4; exit}' "$CONST_GO_PATH") +OCP_PULLSPEC=$(awk -F'"' '/PullSpec:/ {print $2; exit}' "$CONST_GO_PATH") +INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-$OPENSHIFT_VERSION" + +# Print the fetched values for verification +echo "Using OpenShift version: $OPENSHIFT_VERSION" +echo "Using OCP_PULLSPEC: $OCP_PULLSPEC" +echo "Using INSTALLER_PULLSPEC: $INSTALLER_PULLSPEC" + # Function to validate RP running validate_rp_running() { echo "########## Checking ARO RP Status ##########" 
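Review bot: `OPENSHIFT_VERSION` and `OCP_PULLSPEC` are taken from awk output over const.go with no check that the match succeeded, and the `@@ -27,18 +53,15 @@` hunk of this patch drops the emptiness checks these variables used to have. An empty or malformed value would flow into the JSON body of the `/admin/versions` PUT and into the `release-…` installer tag. A format check right after the extraction, `[[ "$OPENSHIFT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "cannot parse version from $CONST_GO_PATH" >&2; exit 1; }` together with `[ -n "$OCP_PULLSPEC" ] || exit 1`, stops the script before anything is sent. The assignments also override any value the caller exported, although the docs hunk in this patch tells users to set them in `env`.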
@@ -27,18 +53,15 @@ validate_rp_running() { done } -# Ensure all env vars are set (CLUSTER_LOCATION, CLUSTER_RESOURCEGROUP, CLUSTER_NAME) +# Ensure all env vars are set (LOCATION, CLUSTER_RESOURCEGROUP, CLUSTER_NAME) ALL_SET="true" -if [ -z ${AZURE_SUBSCRIPTION_ID} ]; then ALL_SET="false" && echo "AZURE_SUBSCRIPTION_ID is unset"; else echo "AZURE_SUBSCRIPTION_ID is set to '$AZURE_SUBSCRIPTION_ID'"; fi -if [ -z ${LOCATION} ]; then ALL_SET="false" && echo "LOCATION is unset"; else echo "LOCATION is set to '$LOCATION'"; fi -if [ -z ${CLUSTER_RESOURCEGROUP} ]; then ALL_SET="false" && echo "CLUSTER_RESOURCEGROUP is unset"; else echo "CLUSTER_RESOURCEGROUP is set to '$CLUSTER_RESOURCEGROUP'"; fi -if [ -z ${CLUSTER_NAME} ]; then ALL_SET="false" && echo "CLUSTER_NAME is unset"; else echo "CLUSTER_NAME is set to '$CLUSTER_NAME'"; fi -if [ -z ${CLUSTER_VNET} ]; then CLUSTER_VNET="aro-vnet2"; echo "CLUSTER_VNET is ${CLUSTER_VNET}"; fi -if [ -z ${CLUSTER_MASTER_SUBNET} ]; then CLUSTER_MASTER_SUBNET="master-subnet"; echo "CLUSTER_MASTER_SUBNET is ${CLUSTER_MASTER_SUBNET}"; fi -if [ -z ${CLUSTER_WORKER_SUBNET} ]; then CLUSTER_WORKER_SUBNET="worker-subnet"; echo "CLUSTER_WORKER_SUBNET is ${CLUSTER_WORKER_SUBNET}"; fi -if [ -z ${OPENSHIFT_VERSION} ]; then ALL_SET="false" && echo "OPENSHIFT_VERSION is unset"; else echo "OPENSHIFT_VERSION is set to '$OPENSHIFT_VERSION'"; fi -if [ -z ${OCP_PULLSPEC} ]; then ALL_SET="false" && echo "OCP_PULLSPEC is unset"; else echo "OCP_PULLSPEC is set to '$OCP_PULLSPEC'"; fi -if [ -z ${INSTALLER_PULLSPEC} ]; then ALL_SET="false" && echo "INSTALLER_PULLSPEC is unset"; else echo "INSTALLER_PULLSPEC is set to '$INSTALLER_PULLSPEC'"; fi +if [ -z "${AZURE_SUBSCRIPTION_ID}" ]; then ALL_SET="false" && echo "AZURE_SUBSCRIPTION_ID is unset"; else echo "AZURE_SUBSCRIPTION_ID is set to '$AZURE_SUBSCRIPTION_ID'"; fi +if [ -z "${LOCATION}" ]; then ALL_SET="false" && echo "LOCATION is unset"; else echo "LOCATION is set to '$LOCATION'"; fi +if [ -z 
"${CLUSTER_RESOURCEGROUP}" ]; then ALL_SET="false" && echo "CLUSTER_RESOURCEGROUP is unset"; else echo "CLUSTER_RESOURCEGROUP is set to '$CLUSTER_RESOURCEGROUP'"; fi +if [ -z "${CLUSTER_NAME}" ]; then ALL_SET="false" && echo "CLUSTER_NAME is unset"; else echo "CLUSTER_NAME is set to '$CLUSTER_NAME'"; fi +if [ -z "${CLUSTER_VNET}" ]; then CLUSTER_VNET="aro-vnet2"; fi; echo "CLUSTER_VNET is ${CLUSTER_VNET}" +if [ -z "${CLUSTER_MASTER_SUBNET}" ]; then CLUSTER_MASTER_SUBNET="master-subnet"; fi; echo "CLUSTER_MASTER_SUBNET is ${CLUSTER_MASTER_SUBNET}" +if [ -z "${CLUSTER_WORKER_SUBNET}" ]; then CLUSTER_WORKER_SUBNET="worker-subnet"; fi; echo "CLUSTER_WORKER_SUBNET is ${CLUSTER_WORKER_SUBNET}" if [[ "${ALL_SET}" != "true" ]]; then exit 1; fi @@ -46,7 +69,7 @@ if [[ "${ALL_SET}" != "true" ]]; then exit 1; fi echo "Checking Azure CLI version..." az_version=$(az --version | grep 'azure-cli' | awk '{print $2}') required_version="2.30.0" -if [ "$(printf '%s\n' "$required_version" "$az_version" | sort -V | head -n1)" = "$required_version" ]; then +if [ "$(printf '%s\n' "$required_version" "$az_version" | sort -V | head -n1)" = "$required_version" ]; then echo "Azure CLI version is compatible" else echo "Azure CLI version must be $required_version or later. Please upgrade." @@ -157,3 +180,5 @@ fi echo "To list cluster credentials, run:" echo " az aro list-credentials --name $CLUSTER_NAME --resource-group $CLUSTER_RESOURCEGROUP" + +echo "Note: Do not manually delete any resources. Let the script handle the deletions to avoid issues." diff --git a/pkg/env/dev.go b/pkg/env/dev.go index a5f8e20cb8b..bb900cd2760 100644 --- a/pkg/env/dev.go +++ b/pkg/env/dev.go @@ -72,8 +72,6 @@ func (d *dev) AROOperatorImage() string { } func (d *dev) Listen() (net.Listener, error) { - // in dev mode there is no authentication, so for safety we only listen on - // localhost return net.Listen("tcp", ":8443") } From 1b1249714a7714898706820e6a3c91f6d64df9b8 Mon Sep 17 00:00:00 2001 
From: Shubhada Date: Thu, 1 Aug 2024 13:14:02 -0700 Subject: [PATCH 3/5] Set INSTALLER_PULLSPEC dynamically using the extracted OpenShift version to ensure accurate deployment configurations fixed the env --- env.example | 1 - hack/setup_resources.sh | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/env.example b/env.example index 33eeb221597..f3fb808ff7f 100644 --- a/env.example +++ b/env.example @@ -1,7 +1,6 @@ # use unique prefix for Azure resources when it is set, otherwise use your user's name export AZURE_PREFIX="${AZURE_PREFIX:-$USER}" export LOCATION=westeurope -export ARO_IMAGE=arointsvc.azurecr.io/aro:latest export NO_CACHE=false export AZURE_EXTENSION_DEV_SOURCES="$(pwd)/python" diff --git a/hack/setup_resources.sh b/hack/setup_resources.sh index 29b6e4af0c6..b33f1c19607 100755 --- a/hack/setup_resources.sh +++ b/hack/setup_resources.sh @@ -21,9 +21,9 @@ fi # Extract version and pullspec from const.go OPENSHIFT_VERSION=$(awk -F'[(,)]' '/NewVersion/ {gsub(/ /, ""); print $2"."$3"."$4; exit}' "$CONST_GO_PATH") OCP_PULLSPEC=$(awk -F'"' '/PullSpec:/ {print $2; exit}' "$CONST_GO_PATH") -INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-$OPENSHIFT_VERSION" -# Print the fetched values for verification +# Set the INSTALLER_PULLSPEC +INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-$OPENSHIFT_VERSION" echo "Using OpenShift version: $OPENSHIFT_VERSION" echo "Using OCP_PULLSPEC: $OCP_PULLSPEC" echo "Using INSTALLER_PULLSPEC: $INSTALLER_PULLSPEC" From 1046a8de61db505274caa283d912cf726e2a03d6 Mon Sep 17 00:00:00 2001 From: Shubhada Date: Thu, 1 Aug 2024 18:06:19 -0700 Subject: [PATCH 4/5] Fixed INSTALLER_PULLSPEC to use correct release version format by trimming minor version from OpenShift version file has been added --- docs/deploy-development-rp.md | 40 +++++++++++++++++++---------------- hack/setup_resources.sh | 2 +- 2 files changed, 23 insertions(+), 19 deletions(-) 
diff --git a/docs/deploy-development-rp.md b/docs/deploy-development-rp.md index 60b43486696..7cfca79aa18 100644 --- a/docs/deploy-development-rp.md +++ b/docs/deploy-development-rp.md @@ -1,19 +1,31 @@ # Deploy development RP +## Why to use it? +This is the **preferred** and fast way to have your own local development RP setup, while also having a functional cluster. +It uses hacks scripts around a lot of the setup to make things easier to bootstrap and be more sensible for running off of your local laptop. + +- Check the specific use-case examples where [deploying full RP service](https://github.com/Azure/ARO-RP/blob/master/docs/deploy-full-rp-service-in-dev.md) can be a better match. + ## Prerequisites 1. Your development environment is prepared according to the steps outlined in [Prepare Your Dev Environment](./prepare-your-dev-environment.md) ## Installing the extension -1. Build the development `az aro` extension: +1. Check the `env.example` file and copy it by creating your own: + + ```bash + cp env.example env + ``` + +2. Build the development `az aro` extension: ```bash . ./env make az ``` -1. Verify the ARO extension is registered: +3. Verify the ARO extension is registered: ```bash az -v 
@@ -469,46 +481,32 @@ To run fake metrics socket: ```bash go run ./hack/monitor ``` -## Run the RP and create a Hive cluster +### Run the RP and create a Hive cluster **Steps to perform on Mac** - 1. Mount your local MacOS filesystem into the podman machine: ```bash podman machine init --now --cpus=4 --memory=4096 -v $HOME:$HOME ``` - 2. Use the openvpn config file (which is now mounted inside the podman machine) to start the VPN connection: - ```bash podman machine ssh - sudo rpm-ostree install openvpn - sudo systemctl reboot - podman machine ssh - sudo openvpn --config /Users//go/src/github.com/Azure/ARO-RP/secrets/vpn-aks-westeurope.ovpn --daemon --writepid vpnpid - ps aux | grep openvpn ``` - ### Instructions for Modifying Environment File - **Update the env File** - - Open the `env` file. - Update env file instructions: set `OPENSHIFT_VERSION`, update `INSTALLER_PULLSPEC` and `OCP_PULLSPEC`, mention quay.io for SHA256 hash. - Update INSTALLER_PULLSPEC with the appropriate name and tag, typically matching the OpenShift version, e.g., `release-4.13.`(for more detail see the `env.example`) - * Source the environment file before creating the cluster using the `setup_resources.sh` script(Added the updated env in the PR) ```bash cd /hack - ./setup_resources.sh ``` - * Once the cluster create verify connectivity with the ARO cluster: - Download the admin kubeconfig file ```bash @@ -522,7 +520,6 @@ export KUBECONFIG=~/.kube/aro-admin-kubeconfig ```bash kubectl get nodes ``` - ```bash kubectl get nodes NAME STATUS ROLES AGE VERSION 
@@ -534,4 +531,11 @@ shpaitha-aro-cluster-4sp5c-worker-westeurope2-j9zrs Ready worker shpaitha-aro-cluster-4sp5c-worker-westeurope3-56tk7 Ready worker 28m v1.25.11+1485cc9 ``` +## Troubleshooting +1. Trying to use `az aro` CLI in Production, fails with: +``` +(NoRegisteredProviderFound) No registered resource provider found for location '$LOCATION' and API version '2024-08-12-preview' +``` +- Check if`~/.azure/config` there is a block `extensions.dev_sources`. If yes, comment it. +- Check if env var `AZURE_EXTENSION_DEV_SOURCES` is set. If yes, unset it. \ No newline at end of file diff --git a/hack/setup_resources.sh b/hack/setup_resources.sh index b33f1c19607..10ecf5186de 100755 --- a/hack/setup_resources.sh +++ b/hack/setup_resources.sh @@ -23,7 +23,7 @@ OPENSHIFT_VERSION=$(awk -F'[(,)]' '/NewVersion/ {gsub(/ /, ""); print $2"."$3"." OCP_PULLSPEC=$(awk -F'"' '/PullSpec:/ {print $2; exit}' "$CONST_GO_PATH") # Set the INSTALLER_PULLSPEC -INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-$OPENSHIFT_VERSION" +INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-$(echo $OPENSHIFT_VERSION | sed 's/\.[^.]*$//')" echo "Using OpenShift version: $OPENSHIFT_VERSION" echo "Using OCP_PULLSPEC: $OCP_PULLSPEC" echo "Using INSTALLER_PULLSPEC: $INSTALLER_PULLSPEC" From d948f491748f8382f0115e3755b89549aa502e11 Mon Sep 17 00:00:00 2001 From: Shubhada Date: Thu, 8 Aug 2024 12:29:32 -0700 Subject: [PATCH 5/5] fixed the env --- env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.example b/env.example index f3fb808ff7f..ea1b92f9c57 100644 --- a/env.example +++ b/env.example @@ -7,6 +7,6 @@ export AZURE_EXTENSION_DEV_SOURCES="$(pwd)/python" export CLUSTER_RESOURCEGROUP="${USER}-v4-$LOCATION" export CLUSTER_NAME="${USER}-aro-cluster" export CLUSTER_VNET="${USER}-aro-vnet" -ARO_IMAGE=arointsvc.azurecr.io/aro:latest +export ARO_IMAGE=arointsvc.azurecr.io/aro:latest . secrets/env \ No newline at end of file
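Review bot: In the hack/setup_resources.sh hunk of PATCH 4/5, `$(echo $OPENSHIFT_VERSION | sed 's/\.[^.]*$//')` expands the variable unquoted and spawns two processes just to strip the last version component. Parameter expansion does the same in place: `INSTALLER_PULLSPEC="arointsvc.azurecr.io/aro-installer:release-${OPENSHIFT_VERSION%.*}"`. A short comment saying the installer tag uses only major.minor would explain why the patch component is dropped.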